{"Event":{"info":"OSINT - New Version of the Kronos Banking Trojan Discovered","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:banker=\"Kronos\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""},{"colour":"#284800","exportable":true,"name":"malware_classification:malware-category=\"Trojan\""},{"colour":"#002f76","exportable":true,"name":"ms-caro-malware-full:malware-family=\"Banker\""}],"publish_timestamp":"0","timestamp":"1532589815","analysis":"2","Attribute":[{"comment":"","category":"External analysis","uuid":"5b583145-9dd4-4cd6-a181-4956950d210f","timestamp":"1532589533","to_ids":false,"value":"https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"link"},{"comment":"Period: June 27-30, 2018 - Campaign type: Malspam, macro-laced Word docs - Target: Users of 5 German financial institutions","category":"Network activity","uuid":"5b587781-a54c-4c28-9f1d-95e8950d210f","timestamp":"1532524417","to_ids":true,"value":"http://jhrppbnh4d674kzh.onion/kpanel/connect.php","disable_correlation":false,"object_relation":null,"type":"url"},{"comment":"Period: July 13, 2018 \t - Campaign type: RIG EK - Target:Users of 13 Japanese financial institutions","category":"Network activity","uuid":"5b587781-6c90-4103-a398-95e8950d210f","timestamp":"1532524417","to_ids":true,"value":"http://jmjp2l7yqgaj5xvv.onion/kpanel/connect.php","disable_correlation":false,"object_relation":null,"type":"url"},{"comment":"","category":"External analysis","uuid":"5b587782-6c60-442f-a060-95e8950d210f","timestamp":"1532524418","to_ids":false,"value":"CVE-2017-11882","disable_correlation":false,"object_relation":null,"type":"vulnerability"},{"comment":"Period: July 15-16, 2018 - Campaign type:Malspam, CVE-2017-11882- Target:Users in Poland","category":"Network activity","uuid":"5b587782-4d38-41d3-bd2b-95e8950d210f","timestamp":"1532524418","to_ids":true,"value":"http://suzfjfguuis326qw.onion/kpanel/connect.php","disable_correlation":false,"object_relation":null,"type":"url"},{"comment":"Period: July 20, 2018 - Campaign type:Software download site \t - Target:Test run","category":"Network activity","uuid":"5b587783-4c94-493e-8534-95e8950d210f","timestamp":"1532524419","to_ids":true,"value":"http://mysmo35wlwhrkeez.onion/kpanel/connect.php","disable_correlation":false,"object_relation":null,"type":"url"},{"comment":"","category":"External analysis","uuid":"5b587dbd-4ae0-4551-9117-95e9950d210f","timestamp":"1532589513","to_ids":false,"value":"A new version of the Kronos banking trojan is making the rounds, according to Proofpoint security researchers, who say they've identified at least three campaigns spreading a revamped version of this old trojan that had its heyday back in 2014.\r\n\r\nAccording to a report published yesterday evening, first samples of this new Kronos variant have been spotted in April, this year.\r\n\r\nWhile initial samples appeared to be tests, real-life campaigns got off the ground in late June, when researchers started detecting malspam and exploit kits delivering this new version to users in the wild.","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"text"}],"extends_uuid":"","published":false,"date":"2018-07-25","Orgc":{"uuid":"55f6ea5e-2c60-40e5-964f-47a8950d210f","name":"CIRCL"},"threat_level_id":"3","uuid":"5b58311f-df38-4c0f-a1dd-4655950d210f"}}